Contributed by grey on from the creative ideas to try for yourself dept.
On my "personal" smtp gateways where I run spamd with greylisting (before Postfix with "Anti-UCE") I figured out that I could dynamically catch spammers from the output of spamdb and add to my own local spamd blacklist file.
Mini HOWTO:
Become root (su -)
Enable spamd with greylisting in /etc/rc.conf:
spamd_flags="-v"Edit /etc/spamd.conf to use your own blacklist also:
spamd_grey=YES
all: :spamhaus:china:korea:spews2:myblacklist:Create the script which is going to do the "thing":
.
.
myblacklist:\
:black:\
:msg="SPAM. Your address %A is in my spammer list.":\
:file=/var/mail/myblacklist.txt
cd
mkdir bin # If you don't have this dir or put it somewhere else..
`editor of choice` /root/bin/dynaddbl # Paste the the "code" below:----
#!/bin/sh
MYBL=/var/mail/myblacklist.txt
FILTER="billing|sales|info|someother\@mydomain"spamdb | \
egrep -i "$FILTER" | \
cut -d \| -f 2 >> $MYBL
sort -n $MYBL | uniq > $MYBL.newmv $MYBL.new $MYBL
----
Save and Close the editor
Add entry in crontab (and enable spamd-setup if not done earlier):
crontab -e
.
.
0 2 * * * /usr/libexec/spamd-setup
30 * * * * /root/bin/dynaddbl
End of "Mini HOWTO"
I got this idea last night and it's not perfect, but with some help from some brains in this forum it could maybe be something good to add to the spamd concept. Catched addresses don't get into spamd table in pf before spamd-setup gets rerunned by spamd-setup (by cron).What do you think about this "addon"?
Regards
Claes Ström
PS
Why doesn't OpenBSD have Python 2.3.4 when every other "distro" have it (need it for upcoming beta of Zope3X)?
(Comments are closed)
By bernd (80.86.183.232) on
rc.conf(8)
Comments
By Gerardo Santana Gómez Garrido (201.129.52.223) santana at openbsd org mx on http://www.openbsd.org.mx/~santana
Comments
By schubert (66.75.202.53) on
By Anonymous Cheese (68.125.86.22) on
You have a question, and I don't have an answer, but I'll tell you that using the "every other "distro" have it" argument will only work against you. OpenBSD doesn't do what every-one else does, and unless management is replaced, it will continue to be ahead of everyone else when it comes to security and efficiency.
Also, comparing a "distro" to OpenBSD is not correct. Every Linux distribution is just that, and ad-hoc work. OpenBSD on the other hand, is a Operating System; keyword SYSTEM.
Comments
By Claes (82.182.34.80) on
2.3.4 is most a bug fix release (release notes) and not a new feature relelase!
Comments
By Anonymous Coward (3ffe:8010:7:9303:20a:cdff:fe01:3f7d) on
By Anonymous Cheese (68.125.86.22) on
"Distro" is slang, and commonly used within the Linux community. Don't expect the BSD community to embrace its use to generically describe *BSD. Culture shock can be just that, a shock. ;) I myself like Python and find it worthy of replacing or being along side Perl in the base system, but I don't think Perl or Python have any place in the base system at all.
By Anonymous Coward (80.65.225.73) on
just a note: make sure that $MYBL.new and $MYBL couldn't be overwritten but by root (else symlinks could cause damage !).
"Why doesn't OpenBSD have Python 2.3.4 when every other "distro" have it (need it for upcoming beta of Zope3X)?"
Python 2.3.4 was released after OpenBSD 3.5. So it would hardly be in there ;)
btw, I must admit that some important python tools are missing, like PyQt, xmlrpclib, soappy, m2crypto and even more important, the very widely used wxPython toolkit. Are them missing for political (licence, code quality ...) reasons ?
Comments
By Claes (82.182.34.80) on
I was thinking of the cvs of ports as a moving target. I have also looked into "ports" of Python for all "flavors" of BSD and all patches (lot of them) differs a lot between them. Which gets me away from trying to do my own pkg...
BTW Nice that you liked my "idea" (with spamd)
Comments
By Fábio Olivé Leite (161.114.64.74) on
And to the guy who "thought cvs was a moving target": CVS IS a moving target, otherwise I don't see how it would allow for any development at all. Perhaps your local repository isn't a moving target, because you have it set on a TAG. Read up on CVS and learn about update -A.
Comments
By Claes (82.182.34.80) on
BTW I didn't found any contibutions in ports from you either ;-)
Comments
By Fábio Olivé Leite (161.114.64.75) on
When I need something that's not on ports I fetch the source and compile and stay quiet about it. There's no reason to create and contribute ports which I will not have time to maintain myself, and I don't like putting more work over the ports maintainers.
By Anonymous Coward (80.65.225.73) on
Well, yes they are.
But updates are very conservatives beetween releases (mainly bug/security patches are commited on -stable).
That's why i said that: an interpreter upgrade is something that might break stuff (especialy since there is no viable update methods on openbsd packages, and you need to deinstall/reinstall all dependencies). Not a good candidate for an interim upgrade.